401 Class 19: Cloud Detective Controls - nataliabdallah/codefellows-ops-reading-notes GitHub Wiki
Reading: What is Amazon GuardDuty?
Videos
AWS re:Inforce 2019: Threat Detection on AWS: An Introduction to Amazon GuardDuty (FND216)
What are some of the IoCs that GuardDuty can detect?
Indicators of Compromise (IoCs): unusual resources launched, port scans performed, resource-permission discovery, bitcoin (cryptocurrency mining) activity, etc.
What are some of the data sources which GuardDuty can use?
VPC Flow Logs, CloudTrail events, and DNS logs
How does GuardDuty use access behavior to spot potential malicious activity?
Access to sites hosting hacker tools or cryptocurrency mining pools, and deviations from the established baseline of normal behavior: unusual API activity, unusual logins. (The speaker warns: once the service is enabled, don't start doing unusual things, because that activity is now being learned into the baseline model.)